-rw-r--r-- | custodia.conf | 13 | ||||
-rw-r--r-- | custodia/http/authenticators.py | 31 |
2 files changed, 40 insertions, 4 deletions
diff --git a/custodia.conf b/custodia.conf
index 78a0d26..296ab6d 100644
--- a/custodia.conf
+++ b/custodia.conf
@@ -1,10 +1,15 @@
 [global]
 server_version = "Secret/0.0.7"
-[auth:simple]
-handler = custodia.http.authenticators.SimpleCredsAuth
-uid = 48
-gid = 48
+#[auth:simple]
+#handler = custodia.http.authenticators.SimpleCredsAuth
+#uid = 48
+#gid = 48
+
+[auth:header]
+handler = custodia.http.authenticators.SimpleHeaderAuth
+name = REMOTE_USER
+value = simo
 [/]
 handler = custodia.root.Root
diff --git a/custodia/http/authenticators.py b/custodia/http/authenticators.py
index ad912c6..0a4d9c7 100644
--- a/custodia/http/authenticators.py
+++ b/custodia/http/authenticators.py
@@ -30,3 +30,34 @@ class SimpleCredsAuth(HTTPAuthenticator):
 request['valid_user'] = True
 else:
 raise HTTPError(403)
+
+
+class SimpleHeaderAuth(HTTPAuthenticator):
+
+ def __init__(self, config=None):
+ super(SimpleHeaderAuth, self).__init__(config)
+ self.name = 'REMOTE_USER'
+ self.value = None
+ if 'header' in self.config:
+ self.name = self.config['header']
+ if 'value' in self.config:
+ self.value = self.config['value']
+
+ def handle(self, request):
+ if self.name not in request['headers']:
+ raise HTTPError(403)
+ value = request['headers'][self.name]
+ if self.value is None:
+ # Any value is accepted
+ pass
+ elif isinstance(self.value, str):
+ if value != self.value:
+ raise HTTPError(403)
+ elif isinstance(self.value, list):
+ if value not in self.value:
+ raise HTTPError(403)
+ else:
+ raise HTTPError(403)
+
+ request['valid_user'] = True
+ request['valid_header'] = value |
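Review bot: The new `[auth:header]` section sets `name = REMOTE_USER`, but `SimpleHeaderAuth.__init__` in this same commit reads the header name from `self.config['header']`, so the `name` key is never consulted and the section only works because the class default is also `REMOTE_USER`. Rename the key to `header = REMOTE_USER` (or have the class read `name`) so that editing this line actually changes which header is checked. Because the sample config now replaces the uid/gid-based `SimpleCredsAuth` with trust in a request header, a comment above the section such as `# only safe behind a front end that sets REMOTE_USER itself and strips any client-supplied copy` would make the deployment assumption explicit.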
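Review bot: `SimpleHeaderAuth.handle` treats the mere presence of the configured header as authentication when `value` is unset (the `# Any value is accepted` branch), and the class has no docstring saying where `request['headers']` comes from. If those are the client's own HTTP headers, which this hunk does not show, any caller can supply `REMOTE_USER` itself, so the class should carry a docstring stating that it is only safe behind a trusted front end that overwrites that header on every request and that omitting `value` accepts every identity. The final `else: raise HTTPError(403)` also turns a mistyped `value` (anything other than `str` or `list`) into a rejection of every request at request time. Validating the type once in `__init__` and failing at startup would make that misconfiguration visible instead of looking like an authentication failure.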